summaryrefslogtreecommitdiff
path: root/changes
diff options
context:
space:
mode:
authorSebastian Hahn <sebastian@torproject.org>2010-12-30 19:54:13 +0100
committerSebastian Hahn <sebastian@torproject.org>2011-01-15 19:42:17 +0100
commit026e7987ad312a26efb926ae44adc158770de7cd (patch)
tree73a8e03bc137be9aa3aaa644ea5bc2e1a1586987 /changes
parentca6c8136128eed09a33aeeddc6d11b58b4eb361b (diff)
downloadtor-026e7987ad312a26efb926ae44adc158770de7cd.tar.gz
tor-026e7987ad312a26efb926ae44adc158770de7cd.zip
Sanity-check consensus param values
We need to make sure that the worst thing that a weird consensus param can do to us is to break our Tor (and only if the other Tors are reliably broken in the same way) so that the majority of directory authorities can't pull any attacks that are worse than the DoS that they can trigger by simply shutting down. One of these worse things was the cbtnummodes parameter, which could lead to heap corruption on some systems if the value was sufficiently large. This commit fixes this particular issue and also introduces sanity checking for all consensus parameters.
Diffstat (limited to 'changes')
-rw-r--r--changes/bug23179
1 files changed, 9 insertions, 0 deletions
diff --git a/changes/bug2317 b/changes/bug2317
new file mode 100644
index 0000000000..0b9366c36f
--- /dev/null
+++ b/changes/bug2317
@@ -0,0 +1,9 @@
+ o Major features:
+ - Introduce minimum/maximum values that a client is going to believe
+ in a consensus. This helps to avoid crashes or worse when a param
+ has a weird value.
+
+ o Major bugfixes:
+ - Prevent crash/heap corruption when cbtnumnodes consensus parameter is
+ set to 0 or large values. Fixes bug 2317.
+